[BUG] Segfault when calling `index()` on dropped `ListBox` row.

[MGlolenstine]

Bug description (It doesn't always happen. I've gotten it 2/5 times.) Run the below application and press the Button. The app should close with "Segmentation fault (core dumped)".

The problem is the row.index(), because (I think) in the line before it, we remove it from parent and lose the object.

use gtk::prelude::*;

fn main() {
    let application =
        gtk::Application::new(Some("com.github.gtk-rs.examples.basic"), Default::default());
    application.connect_activate(build_ui);
    application.run();
}

fn build_ui(application: &gtk::Application) {
    let window = gtk::ApplicationWindow::new(application);

    window.set_title(Some("First GTK Program"));
    window.set_default_size(350, 70);
    let vbox = gtk::Box::new(gtk::Orientation::Vertical, 0);
    let listbox = gtk::ListBoxBuilder::new().build();
    listbox.append(&gtk::Label::new(Some("crash!")));

    let button = gtk::Button::with_label("Click me!");

    button.connect_clicked(glib::clone!(@strong listbox => move |_|{
        let row = listbox.selected_row().unwrap();
        listbox.remove(&row);
        println!("{}",row.index());
    }));
    vbox.append(&listbox);
    vbox.append(&button);
    window.set_child(Some(&vbox));

    window.show();
}

Backtrace There's no backtrace, as the error is in Segmentation fault (core dumped). Valgrind: https://gist.github.com/MGlolenstine/d1ddf5b7caf875e589aed55bacf6eec8 GDB: BackTrace

GNU gdb (GDB) 10.2
Copyright (C) 2021 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from target/debug/segfault_mre...
warning: Missing auto-load script at offset 0 in section .debug_gdb_scripts
of file /home/life/rustProjects/segfault_mre/target/debug/segfault_mre.
Use `info auto-load python-scripts [REGEXP]' to list them.
(gdb) c
The program is not being run.
(gdb) r
Starting program: /home/life/rustProjects/segfault_mre/target/debug/segfault_mre 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[New Thread 0x7ffff384a640 (LWP 28657)]
[New Thread 0x7ffff3049640 (LWP 28658)]
[New Thread 0x7ffff24aa640 (LWP 28659)]
[Thread 0x7ffff24aa640 (LWP 28659) exited]
[New Thread 0x7ffff24aa640 (LWP 28660)]
[New Thread 0x7ffff181d640 (LWP 28661)]
[New Thread 0x7ffff0ec7640 (LWP 28662)]
[New Thread 0x7fffdcb1b640 (LWP 28663)]
[New Thread 0x7fffcffff640 (LWP 28664)]
[New Thread 0x7fffcf7fe640 (LWP 28665)]
[New Thread 0x7fffceffd640 (LWP 28666)]
[New Thread 0x7fffce7fc640 (LWP 28667)]
[New Thread 0x7fffcdffb640 (LWP 28668)]
[New Thread 0x7fffcd7fa640 (LWP 28669)]
[New Thread 0x7fffccff9640 (LWP 28670)]
[New Thread 0x7fffaffff640 (LWP 28671)]
[New Thread 0x7fffaf7fe640 (LWP 28672)]
[New Thread 0x7fffaeffd640 (LWP 28673)]
[New Thread 0x7fffae7fc640 (LWP 28674)]
[New Thread 0x7fffadffb640 (LWP 28675)]
[New Thread 0x7fffad7fa640 (LWP 28676)]
[New Thread 0x7fffacff9640 (LWP 28677)]
[New Thread 0x7fff8ffff640 (LWP 28678)]
[New Thread 0x7fff8f7fe640 (LWP 28679)]
[New Thread 0x7fff8effd640 (LWP 28680)]
[New Thread 0x7fff8e7fc640 (LWP 28681)]
[New Thread 0x7fff8dffb640 (LWP 28682)]
[New Thread 0x7fff8d7fa640 (LWP 28683)]
[New Thread 0x7fff8cff9640 (LWP 28684)]
[New Thread 0x7fff6ffff640 (LWP 28685)]
[New Thread 0x7fff6f7fe640 (LWP 28686)]
[New Thread 0x7fff6effd640 (LWP 28687)]
[Thread 0x7fff6f7fe640 (LWP 28686) exited]
[Thread 0x7fff6effd640 (LWP 28687) exited]

Thread 1 "segfault_mre" received signal SIGSEGV, Segmentation fault.
0x00007ffff72ad28c in ?? () from /usr/lib/libglib-2.0.so.0
(gdb) bt
#0  0x00007ffff72ad28c in  () at /usr/lib/libglib-2.0.so.0
#1  0x0000555555565c8e in gtk4::auto::list_box_row::{{impl}}::index<gtk4::auto::list_box_row::ListBoxRow> (self=0x7fffffffd188) at /home/life/.cargo/git/checkouts/gtk4-rs-e74ad56283dfeb5e/d2f1fa2/gtk4/src/auto/list_box_row.rs:482
#2  0x00005555555642f8 in segfault_mre::build_ui::{{closure}} () at src/main.rs:24
#3  0x0000555555565c59 in gtk4::auto::button::{{impl}}::connect_clicked::clicked_trampoline<gtk4::auto::button::Button,closure-0> (this=0x555555771180, f=0x55555579c150)
    at /home/life/.cargo/git/checkouts/gtk4-rs-e74ad56283dfeb5e/d2f1fa2/gtk4/src/auto/button.rs:616
#4  0x00007ffff7f80096 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#5  0x00007ffff7f80210 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#6  0x00007ffff77bae7b in  () at /usr/lib/libgtk-4.so.1
#7  0x00007ffff7f80096 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#8  0x00007ffff7f80210 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#9  0x00007ffff7879d3f in  () at /usr/lib/libgtk-4.so.1
#10 0x00007ffff7f676ec in g_cclosure_marshal_VOID__BOXEDv () at /usr/lib/libgobject-2.0.so.0
#11 0x00007ffff7f80096 in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#12 0x00007ffff7f80210 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#13 0x00007ffff7878588 in  () at /usr/lib/libgtk-4.so.1
#14 0x00007ffff787954b in  () at /usr/lib/libgtk-4.so.1
#15 0x00007ffff787c35d in  () at /usr/lib/libgtk-4.so.1
#16 0x00007ffff79d672f in  () at /usr/lib/libgtk-4.so.1
#17 0x00007ffff79d6a0c in  () at /usr/lib/libgtk-4.so.1
#18 0x00007ffff7b9945e in  () at /usr/lib/libgtk-4.so.1
#19 0x00007ffff78c1dfb in  () at /usr/lib/libgtk-4.so.1
#20 0x00007ffff79e4d18 in  () at /usr/lib/libgtk-4.so.1
#21 0x00007ffff7ab1feb in  () at /usr/lib/libgtk-4.so.1
#22 0x00007ffff7ad98b1 in  () at /usr/lib/libgtk-4.so.1
#23 0x00007ffff7f62ddf in g_closure_invoke () at /usr/lib/libgobject-2.0.so.0
#24 0x00007ffff7f8bfbd in  () at /usr/lib/libgobject-2.0.so.0
#25 0x00007ffff7f7f2db in g_signal_emit_valist () at /usr/lib/libgobject-2.0.so.0
#26 0x00007ffff7f80210 in g_signal_emit () at /usr/lib/libgobject-2.0.so.0
#27 0x00007ffff7b93104 in  () at /usr/lib/libgtk-4.so.1
#28 0x00007ffff7b248da in  () at /usr/lib/libgtk-4.so.1
#29 0x00007ffff729c02c in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#30 0x00007ffff72efb59 in  () at /usr/lib/libglib-2.0.so.0
#31 0x00007ffff7299781 in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#32 0x00007ffff744a28e in g_application_run () at /usr/lib/libgio-2.0.so.0
#33 0x0000555555566100 in gio::application::{{impl}}::run_with_args<gtk4::auto::application::Application,alloc::string::String> (self=0x7fffffffe630, args=...)
    at /home/life/.cargo/git/checkouts/gtk-rs-core-7be42ca38bd6361c/41820cc/gio/src/application.rs:30
#34 0x00005555555661ec in gio::application::{{impl}}::run<gtk4::auto::application::Application> (self=0x7fffffffe630) at /home/life/.cargo/git/checkouts/gtk-rs-core-7be42ca38bd6361c/41820cc/gio/src/application.rs:23
#35 0x0000555555563f62 in segfault_mre::main () at src/main.rs:7

[bilelmoussaoui]

From a quick test, looks like a gtk4 issue. The issue happens in https://gitlab.gnome.org/GNOME/gtk/-/blob/master/gtk/gtklistbox.c#L3211-3212 to be precise.

[bilelmoussaoui]

Closing as I reproduced it with Python & reported it upstream at https://gitlab.gnome.org/GNOME/gtk/-/issues/4019